agenttesla | df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e | Triage

Sharing

General

Target

df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
Size

272KB
Sample

231209-chm78affe4
MD5

05604b7d20a7d61c044d23bf9ee29acd
SHA1

ed4bc7b907ec9645d5dee53c527cccb2d38a5448
SHA256

df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
SHA512

03fe4f53d017b6eaa0dcf5225598f220669c9b4f47d9f57b97f8845212e256419388249922cc364f532d945476869d789ab6a98e486365b96c265d16ca334601
SSDEEP

6144:q48F7QsyKtpw9hAcGTJscDoAb0XWRnTqAJ:KF7pye4hAc8oi0Xkz

Score

10^/10

agenttesla keylogger spyware stealer trojan

Malware Config

Extracted

Credentials

Protocol: smtp
Host:
mail.etasimali.com
Port:
587
Username:
[email protected]
Password:
RECRUTEMENT@2023

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.etasimali.com
Port:
587
Username:
[email protected]
Password:
RECRUTEMENT@2023
Email To:
[email protected]

Targets

- Target
  
  df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
- Size
  
  272KB
- MD5
  
  05604b7d20a7d61c044d23bf9ee29acd
- SHA1
  
  ed4bc7b907ec9645d5dee53c527cccb2d38a5448
- SHA256
  
  df6295dd1ead4d68fbd94b9bfb3818511def8111208b5aa3e4df8687a9fad51e
- SHA512
  
  03fe4f53d017b6eaa0dcf5225598f220669c9b4f47d9f57b97f8845212e256419388249922cc364f532d945476869d789ab6a98e486365b96c265d16ca334601
- SSDEEP
  
  6144:q48F7QsyKtpw9hAcGTJscDoAb0XWRnTqAJ:KF7pye4hAc8oi0Xkz
Score

10^/10

agenttesla keylogger spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

agentteslakeyloggerspywarestealertrojan

behavioral2

agentteslakeyloggerspywarestealertrojan